CVE-2017-11770

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
microsoftaspnetcore
1.0
microsoftaspnetcore
1.1
microsoftaspnetcore
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101710
http://www.securitytracker.com/id/1039787
https://access.redhat.com/errata/RHSA-2017:3248
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770
http://www.securityfocus.com/bid/101710
http://www.securitytracker.com/id/1039787
https://access.redhat.com/errata/RHSA-2017:3248
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770